How to Remove KeepCop | Keep Cop Removal Guide



KeepCop is yet another of those rogue antivirus applications that seem to be such a plague on computer users today. These rogue security applications usually installed without permission, or by means of trickery claiming to be a video codec or flash player update. Further they will start out on your computer by creating many new files in C:\Windows and c:\Windows\System32. They will then come back and scan these files and claim they have viruses. It’s basically a scam. They will find problems on any machine. Read on for how to remove Keepcop.


First off, I would go to the control panel and make use of the add/remove programs icon and try to uninstall keepcop. If it works it will make things much easier. Even if it DOES work to uninstall it you should install, update and run a scan with malwarebytes antimalware and then follow that up with a trusted antivirus product scan. This can be an online scanner like trendmicro’s housecall or it could be another trusted antivirus like avg or avira/etc.

If this hasn’t rid you of keepcop you should go ahead to the virus removal toolkit page and download a copy of malwarebytes antimalware. While you are there you may also wish to download process explorer. You may need it a bit further in the clean up process.

You may wish to go ahead and block keepcop.com to prevent further infections.

If you are unable to install malwareybtes you have a few possible options. 1) you may try renaming mbam-setup.exe to something else like iexplore.exe and retry the install, then update and scan. 2 ) reboot into safe mode with networking and then retry the installation of mbam. 3) Follow the next step which involves killing off the running processes associated with KeepCop. After that you can retry the install, update and scan with malwarebytes antimalware.

The following programs are associated with KeepCop and should be killed off using the task manager. If you are unable to launch the task manager you may try the following tricks. 1) copy and paste the taskmgr.exe executable to the desktop. Once there, rename it to something else (firefox.exe) and then retry launching it. 2) reboot into safe mode and see if the following files are running in memory. 3) Use process explorer to kill off the following processes:

302z0spam9ot5a3.exe
KeepCop.exe
uninstall.exe

The above filename may have a random component to it. Use the information above, the files listed below and what you see on your system to help you decide which files are associated with this rogue.

The following files and folders should be deleted for a manual removal of keepcop.

%docs%\All Users\Desktop\KeepCop.lnk
%docs%\All Users\Start Menu\Programs\KeepCop
%docs%\All Users\Start Menu\Programs\KeepCop\1 KeepCop.lnk
%docs%\All Users\Start Menu\Programs\KeepCop\2 Homepage.lnk
%docs%\All Users\Start Menu\Programs\KeepCop\3 Uninstall.lnk
%progfiles%\\KeepCop Software
%progfiles%\\KeepCop Software\KeepCop
%progfiles%\\KeepCop Software\KeepCop\KeepCop.exe
%progfiles%\KeepCop Software\KeepCop\uninstall.exe
%win%\\105019pambotzde.ocx
%win%\\10527ziru9465.dll
%win%\\105z9ir12765.ocx
%win%\\system32\30059viruz4f9.cpl
%win%\\system32\30077vir5zf9.dll
%win%\system32\302z0spam9ot5a3.exe
%tmp%\RANDOMNAME.exe

Some of the file names above may contain random characters and will differ from system to system. Please use the examples and patterns you see above and what you find on your system to decide which files you need to remove. Even if your manual removal of Keepcop goes very well you will still likely have other leftovers so I would recommend that you download and scan with malwarebytes or superantispyware anyway to make certain that your system is clean. After that you should followup with a scan from a trusted antivirus application (online scan from trendmicro would be okay or something like AVG/Avira)

   Send article as PDF   

Similar Posts